DDoS Protection

I run a server that hosts me and my friends' sites. Recently I got a DDoS attack that cut the server off from the internet. I have a dedicated Ubuntu server.

I am wondering if there's some open source software that supports DDoS protection?
 
Assuming you have a hardware firewall, which should help a little.
You could set up a throttling server to request the legitimate incoming traffic to slow down based on the current network condition. Or maybe use the TARPIT target in the Linux kernel netfilter?

Not 100% sure that will help, but I'm sure someone will correct me if it won't :D
 
Proper DDoS protection is extremely expensive as it's not easy to protect against a well (or even semi-well) executed attack. May be worth contacting your ISP to see if they are willing to help (as DDoS will have a negative effect on them as well).

Depending on the nature of the attack, most software implementations won't be able to help much.
 
Okay, it's in a datacentre... perhaps I will just let the datacentre worry about it if it happens again (if software can't save me).

Would like info on your experiences of mentioned software (perhaps someone could run a test?)
 
If it's a straight DoS where it comes from a single IP address then it's easy: your ISP / hosting company should be able to get that IP address sinkholed.
Good DDoS protection is very hard to achieve. The ISP I work for has a dedicated software / hardware solution for helping protect customers against DDoS attacks, but it's obscenely expensive. Ideally you need to be getting the protection at the earliest place possible. Odds are by the time it's reached your server it's almost too late. Your bandwidth is getting eaten up and traffic will start to get congested heading to your server even if you're doing software stuff to reduce the overhead of answering the SYN flood, or whatever is being done. The solution we use is within one or two hops of the entry points to our network, and if it's needed for a customer, traffic for that IP is routed through it. It blocks some stuff from the get-go, but it'll take up to 6 hours to really get to be really effective as it needs to learn the patterns behind the attack before it can do a decent job of filtering it.
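
The single-source versus distributed distinction drawn in the post above can be checked on the server from its half-open connection table before contacting the hosting company. This is an added example, not part of the original thread: the rows are constructed in the `ss -tan` column layout using documentation IP ranges, and the function names and thresholds (5 half-open connections, 80% share) are assumptions.

```python
from collections import Counter

# Constructed sample rows in the `ss -tan` column layout (documentation IP ranges).
HEADER = "State     Recv-Q Send-Q Local Address:Port  Peer Address:Port\n"


def _row(state, peer):
    return f"{state} 0 0 203.0.113.10:80 {peer}\n"


# Nine half-open connections from one peer, one stray, one established session.
SAMPLE_SINGLE = (HEADER
                 + "".join(_row("SYN-RECV", f"198.51.100.7:{40000 + i}") for i in range(9))
                 + _row("SYN-RECV", "192.0.2.44:51000")
                 + _row("ESTAB", "192.0.2.9:52000"))
# Ten half-open connections, each from a different peer.
SAMPLE_DISTRIBUTED = HEADER + "".join(
    _row("SYN-RECV", f"192.0.2.{i}:41000") for i in range(1, 11))


def half_open_sources(ss_output):
    """Count half-open (SYN-RECV) connections per peer IP."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, blank line, or a connection in another state
        # Peer is "ip:port" or "[ipv6]:port"; drop the port and any brackets.
        ip = fields[4].rsplit(":", 1)[0].strip("[]")
        counts[ip] += 1
    return counts


def classify(counts, min_half_open=5, dominant_share=0.8):
    """Return (verdict, ip); ip is set only when one source dominates.

    Both thresholds are assumed values; tune them to the server's normal load.
    """
    total = sum(counts.values())
    if total < min_half_open:
        return "normal", None
    ip, n = counts.most_common(1)[0]
    if n / total >= dominant_share:
        return "single-source", ip  # one address worth reporting upstream
    return "distributed", None      # no single address to block; needs upstream filtering


if __name__ == "__main__":
    for name, sample in (("single", SAMPLE_SINGLE), ("distributed", SAMPLE_DISTRIBUTED)):
        print(name, classify(half_open_sources(sample)))
```

On a live server the input would be the captured text of `ss -tan`; source addresses in a SYN flood can be spoofed, so a "single-source" verdict is a lead for the hosting company rather than proof of origin.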
 